Be careful out there!
Over the past several days, TUAW has received a number of emails from readers noting that there is a phishing scam going around. In case you're not familiar with phishing, it's a way for devious types to get access to your user ID and password for an account -- in this particular case, your Apple ID -- so that they can then go in and rack up big charges. Even worse, since many people use the same email and password for multiple accounts, this can open the door to all sorts of nefarious action.
Phishing is done by sending out emails that look like they are from a trusted source (here, it's Apple), often saying an account has some issues and asking you to click on a link in the email to log in and correct those issues.
Don't do it.
If you do, you're actually being directed to a fake Apple website where you'll be asked to enter your Apple ID and password. Once that information is in the wrong hands, well, things might not go so well for you.
The image at the top of this post shows one of the emails that has been going around. There are a few "tells" -- first, it says "Dear," but doesn't show a name. Second, it expresses concern that "someone tried to log into your Apple account from a different IP address" -- Apple doesn't check your IP address, which is why you can log into your account from an iPhone, iPad or Mac just about anywhere.
Third, what the heck does "Penligst" mean? Apple's usually pretty good about sending emails in the proper language for your country, and in this particular case, that does not look like English. In fact, Google Translate couldn't figure out what it was, except that it might be close to "venligst," the Norwegian word for "please".
Apple will NEVER ask you to click on an embedded link in an email to go to a "Verify Now" website. Hovering your cursor over the embedded link shows that the link goes to a non-Apple website -- in this case appe-ca-verifyed.tk/z/1.php. That .tk? That's the country code top-level domain for the island territory of Tokelau in the South Pacific; a domain that in 2010 was responsible for about 21.5 percent of all phishing attacks.
So please tell your friends, loved ones, enemies and everyone to be careful and not fall for this scam. Point out some of the things that are common in phishing, and if you -- or your friends and relatives -- are concerned that an account has been compromised, go directly to the website and never click on a link in an email.
Hat tips to Dan F and Hal S for alerting us to this latest scam.